L2TP/IPSec Remote Access Server (RAS) AR2240C router

Created: Jul 10, 2019 12:10:38 | Latest reply: Jul 17, 2019 10:11:16
  Rewarded Hi-coins: 0 (problem resolved)

Hi, I am setting up RAS (L2TP/IPSec) on an AR2240C router.

L2TP alone works correctly, but when I try to use IPSec it doesn't work.

The logbuffer says "Jul 10 2019 15:00:45+03:00 DST EDGE-R02-ILK %%01INFO/4/SUPPRESS_LOG(l)[0]:Last message repeated 2 times.(InfoID=1887440902, ModuleName=IKE, InfoAlias=IKE_NEGO_FAIL)"

Hedex has many inaccuracies.

I checked the IKE settings many times, but to no purpose.

Here is my config:



interface Eth-Trunk1.3900
dot1q termination vid 3900
ip address X.X.X.X X.X.X.
nat outbound 3100 vrrp 1
ipsec policy -=RAS_POLICY=-


ipsec proposal 1
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-256
#
ike proposal 5
encryption-algorithm aes-256
dh group5
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
ike peer -=RAS=-
exchange-mode aggressive
pre-shared-key simple xxxxxxxxxxxxxxxx
ike-proposal 5
local-id-type fqdn
#
ipsec policy-template -=RAS_TMPLT=- 2
ike-peer -=RAS=-
proposal 1
#
ipsec policy -=RAS_POLICY=- 1 isakmp template -=RAS_TMPLT=-



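The logbuffer line quoted in the question is a suppression wrapper: its header reads INFO/SUPPRESS_LOG, while the real event (IKE / IKE_NEGO_FAIL) sits in the trailing key/value list. As an added example that is not part of the original thread, the Python parser below unwraps such lines so that IKE negotiation failures are counted under their own name. The header layout is inferred from that one quoted line, the second sample line is constructed, and counting "repeated N times" as N occurrences is an assumption.

```python
import re
from collections import Counter

# Header layout inferred from the single line quoted in the post (assumption):
# <timestamp> <host> %%<ver><module>/<severity>/<mnemonic>(<type>)[<seq>]:<text>
HEADER = re.compile(
    r"%%(?P<ver>\d{2})(?P<module>[A-Z0-9_]+)/(?P<sev>\d)/(?P<mnemonic>[A-Z0-9_]+)"
    r"\((?P<type>\w)\)\[(?P<seq>\d+)\]:(?P<text>.*)$"
)
REPEAT = re.compile(r"Last message repeated (\d+) times")
KEYVALS = re.compile(r"(\w+)=([^,()]+)")


def parse(line):
    """Return (module, event, count) for one logbuffer line, or None."""
    m = HEADER.search(line)
    if not m:
        return None
    module, event, count = m["module"], m["mnemonic"], 1
    if module == "INFO" and event == "SUPPRESS_LOG":
        # The wrapper hides the real source; recover it from the key/value tail.
        kv = dict(KEYVALS.findall(m["text"]))
        rep = REPEAT.search(m["text"])
        module = kv.get("ModuleName", module).strip()
        event = kv.get("InfoAlias", event).strip()
        # Assumption: "repeated N times" stands for N suppressed occurrences.
        count = int(rep.group(1)) if rep else 1
    return module, event, count


def count_events(lines):
    """Total occurrences per (module, event), with suppressed repeats unwrapped."""
    totals = Counter()
    for parsed in filter(None, map(parse, lines)):
        totals[parsed[:2]] += parsed[2]
    return totals


# The first line is quoted from the post; the second is constructed for this example.
SAMPLE = [
    'Jul 10 2019 15:00:45+03:00 DST EDGE-R02-ILK %%01INFO/4/SUPPRESS_LOG(l)[0]:'
    'Last message repeated 2 times.(InfoID=1887440902, ModuleName=IKE, '
    'InfoAlias=IKE_NEGO_FAIL)',
    'Jul 10 2019 15:00:40+03:00 DST EDGE-R02-ILK %%01IKE/4/IKE_NEGO_FAIL(l)[1]:'
    'constructed sample text',
]

if __name__ == "__main__":
    print(dict(count_events(SAMPLE)))
```

A filter that matches only on the header mnemonic would file the quoted line under SUPPRESS_LOG and miss the failures it summarizes.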

All Answers
yogijain MVE Created Jul 10, 2019 12:47:31

Hi,
As I am observing,
please configure the part below and confirm:

1) ike peer -=RAS=-
remote-address x.x.x.x needs to be configured


2) ike proposal 5
sa Duration >>>


3) ipsec Policy
   Security Acl  abc

4) ACL abc
rule 30 permit ip source lan ip / subnet mask  destination remote ip / mask

Regards
Yogendra Jain
chenhui Admin Created Jul 10, 2019 12:56:39

@andrbor Hi,
could you please check the corresponding information about the IKE SA (display ike sa)?

andrbor Created Jul 11, 2019 13:07:00

Posted by yogijain at 2019-07-10 12:47: Hi As I am observing Please configure below part and confirm 1) ike peer -=RAS=- remote-address x.x ...


1) ike peer -=RAS=-
remote-address x.x.x.x needs to be configured

Error: The ike peer applied on the policy-template should not config a remote-address. ((



2) ike proposal 5
sa Duration >>>

I've entered the command, but it still has the default value 86400.

3) ipsec Policy
   Security Acl  abc

There is no opportunity to enter this command ((

4) ACL abc
rule 30 permit ip source lan ip / subnet mask  destination remote ip / mask

andrbor Created Jul 11, 2019 13:12:05

Maybe you have some working config?

Actually I need to realize this scheme:

[Image: RAS]

yogijain MVE Created Jul 11, 2019 14:54:04

Posted by andrbor at 2019-07-11 10:12: Maybe you have some working config? Actually I need to realize this scheme:
Yes, you are right, my friend.
Thanks for your feedback. I will work on this further, if possible.

chenhui Admin Created Jul 12, 2019 07:38:10

andrbor Created Jul 15, 2019 08:53:37

That example is from the "USG6000" firewall. Are you sure that it fits?
I meant some config from a working device.

andrbor Created Jul 17, 2019 10:08:56

Posted by chenhui at 2019-07-12 07:38: Posted by andrbor at 2019-07-12 07:38: Maybe you have some working config? Actually I need to realize ...
I'm not sure this is unapplicable

chenhui Admin Created Jul 17, 2019 10:11:16

Posted by andrbor at 2019-07-17 10:08: I'm not sure this is unapplicable
The example just provides a thought of configuring.
